#31764: Add a way to allow subdomain wildcards in the set of allowed hosts for
redirects after login/logout
--------------------------------+--------------------------------------
Reporter: Jordan Hayashi | Owner: nobody
Type: New feature | Status: closed
Component: contrib.auth | Version: master
Severity: Normal | Resolution: needsinfo
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+--------------------------------------
Changes (by Carlton Gibson):
* status: new => closed
* resolution: => needsinfo
Comment:
Hi Jordan. Thanks for the idea.
I'm not sure what to say:
How pressing is the need? Do we want to add the additional complexity here
to save updating a presumably small list of subdomains that we'd actually
redirect to? For those cases that truly need a dynamic wildcard value,
should we not prefer recommending a subclass in that case? (And so on.)
There's two steps:
* Adding `allow_wildcards` to
`django.utils.http.url_has_allowed_host_and_scheme()`
* And using that in Login/Logout view.
The handy
[https://github.com/django/django/compare/master...jhhayashi:jhh/allow_wildcard_host_redirects
Compare view].
Can I ask you to propose this on the DevelopersMailingList for a wider
audience? Please explain your use-case and hint at answers to the
questions here.
If there's consensus there then we can proceed.
Thanks.
--
Ticket URL: <https://code.djangoproject.com/ticket/31764#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/067.56477c1ac56de6e2cbb7f259b9e1dd24%40djangoproject.com.